# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
#
# Layout: a section header ("config setup", "conn NAME") starts in column 0;
# every parameter and every comment that belongs to the section is indented.
# Keep blank lines between sections only, not inside one.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions:
    # with %search, each conn's own auto= value decides whether it is
    # loaded, routed or started when IPsec comes up.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
    # 0 = never give up retrying key negotiation.
    keyingtries=0
    # "no" leaves the tunnel-exit check on arriving packets enabled.
    disablearrivalcheck=no
    # Authenticate peers with RSA signatures rather than a shared secret.
    authby=rsasig
    # Default: fetch each end's RSA public key from DNS. A key obtained this
    # way is only as trustworthy as the DNS answer that carried it; a conn
    # that sets leftrsasigkey/rightrsasigkey explicitly (as "sample" does
    # below) overrides this default and does not depend on DNS.
    leftrsasigkey=%dns
    rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
    left=%defaultroute
    right=%opportunistic
    keylife=1h
    rekey=no
    # NOTE(review): auto=route is NOT commented out here, so opportunistic
    # encryption is enabled. Peer keys for this conn come from DNS (see
    # conn %default). If that is not intended, comment the next line out.
    auto=route

# sample VPN connection
conn sample
    # Tunnel mode between the two security gateways.
    type=tunnel
    # Left security gateway, subnet behind it, next hop toward right.
    left=200.182.250.57
    leftsubnet=192.168.4.0/24
    # RSA *public* key of the left gateway ("0s" prefix = base64). The
    # matching private key belongs in /etc/ipsec.secrets on that gateway only,
    # never in this file. Verify the value out of band against what the
    # gateway itself reports (e.g. ipsec showhostkey) before trusting it.
    leftrsasigkey=0sAQOXm+T0m+5J1ohjiNN4frB0AIzkzo1NIsY0cS2DXrvISjCZp5DrFe78FIFbJbmAX0mYt6D+h/I4QNdnlvLKztOyAmLkfPiMBbjBiPAjQ95PBVrMUmHdEIDnTt8lIhgKlF3lqiGpVRqOUrm5P9h+c3a+8n42Vq2BBODLxH/X6sIWllLhSqE7cYmEspBRdLUyl3ZjngDZ5Zt0wt9iOOeL6pPDYJEbXZ6Th5feFOtt02pme0ZTFV4LehoN4WOIv7N/CaUBMW70gwq6R8Q7AX9KVnRahcDir6BC1fcLFCmG7zJy0tUlnXcCDRfrbiilxDcjZlMeZgKzJxHUD2n1GtzUFnYJ
    leftnexthop=200.182.250.1
    # Right security gateway, subnet behind it, next hop toward left.
    right=200.182.250.56
    rightsubnet=192.168.3.0/24
    rightnexthop=200.182.250.1
    # RSA *public* key of the right gateway; same handling as leftrsasigkey.
    rightrsasigkey=0sAQO2rKc7W7vCQWnl3eFo0aKq+7F+vyDFRnZuVvDawhaZGW/HPVo366QialwEVEvl/Rm699VPBlQqB/+OouQIKwTsBO6or+h3UZFIVCjxl2xeemahkkuf7dvzRfv3xRPAv6Oz0aPOFa8uietJvjojgxIBlEiD81Gr0fe3dNGVxl3EeZdLsUBYi5zzFl0uQ8Bf5y87MEuSK7S8Tn5+3SJg31/ESteaVNUymLujMlpqtqqNX8CU1qFuLO0yDgLBELhQOc6BuKk67t5NwgA0elVV5BPNzZVTw0VVA4Kdd4ac3vRQbuTy0x68B6cFwKD1fsxdXN6MG0V6oMyRPnJSr3Y7wxet
    # auto=start loads this connection AND initiates it at startup.
    # To authorize the connection without starting it, use auto=add instead.
    auto=start